Implement multi tenancy

2025-12-20 20:29:06 +00:00 · 2023-10-27 11:26:00 +02:00
parent 6bd5247bab
commit 4a69bffc9c
37 changed files with 409 additions and 236 deletions
--- a/www/app/lib/fief.ts
+++ b/www/app/lib/fief.ts
@@ -1,6 +1,8 @@
-"use client";
 import { Fief, FiefUserInfo } from "@fief/fief";
 import { FiefAuth, IUserInfoCache } from "@fief/fief/nextjs";
+import { get } from "@vercel/edge-config";
+import { NextRequest, NextResponse } from "next/server";
+import { useError } from "../(errors)/errorContext";

 export const SESSION_COOKIE_NAME = "reflector-auth";

@@ -38,13 +40,54 @@ class MemoryUserInfoCache implements IUserInfoCache {
  }
 }

-export const fiefAuth = new FiefAuth({
-  client: fiefClient,
-  sessionCookieName: SESSION_COOKIE_NAME,
-  redirectURI:
-    process.env.NEXT_PUBLIC_AUTH_CALLBACK_URL ||
-    "http://localhost:3000/auth-callback",
-  logoutRedirectURI:
-    process.env.NEXT_PUBLIC_SITE_URL || "http://localhost:3000",
-  userInfoCache: new MemoryUserInfoCache(),
-});
+const FIEF_AUTHS = {} as { [domain: string]: FiefAuth };
+
+export const getFiefAuth = async (url: URL) => {
+  if (FIEF_AUTHS[url.hostname]) {
+    return FIEF_AUTHS[url.hostname];
+  } else {
+    const config = url && (await get(url.hostname));
+    if (config) {
+      FIEF_AUTHS[url.hostname] = new FiefAuth({
+        client: fiefClient,
+        sessionCookieName: SESSION_COOKIE_NAME,
+        redirectURI: config["auth_callback_url"],
+        logoutRedirectURI: url.origin,
+        userInfoCache: new MemoryUserInfoCache(),
+      });
+      return FIEF_AUTHS[url.hostname];
+    } else {
+      throw new Error("Fief intanciation failed");
+    }
+  }
+};
+
+export const getFiefAuthMiddleware = async (url) => {
+  const protectedPaths = [
+    {
+      matcher: "/:domain/transcripts",
+      parameters: {},
+    },
+    {
+      matcher: "/:domain/transcripts/:path*",
+      parameters: {},
+    },
+    {
+      matcher: "/:domain/browse",
+      parameters: {},
+    },
+    {
+      matcher: "/transcripts",
+      parameters: {},
+    },
+    {
+      matcher: "/transcripts/:path*",
+      parameters: {},
+    },
+    {
+      matcher: "/browse",
+      parameters: {},
+    },
+  ];
+  return (await getFiefAuth(url))?.middleware(protectedPaths);
+};